Bug 393465

Summary: Look at using a Content Security Policy to help protect against XSS
Product: [ECD] Orion
Reporter: Simon Kaegi <simon_kaegi>
Component: Client
Assignee: Simon Kaegi <simon_kaegi>
Status: RESOLVED WONTFIX
QA Contact:
Severity: normal    
Priority: P3    
Version: 1.0   
Target Milestone: ---   
Hardware: PC   
OS: Windows 7   
Whiteboard:

Description Simon Kaegi CLA 2012-11-02 16:52:23 EDT
See http://www.html5rocks.com/en/tutorials/security/content-security-policy/

We should look at using a CSP but also ensuring our code would run successfully if it was applied. Using a CSP to remove the ability to run inlined JavaScript and evaled code would be excellent. Unfortunately I know dojo is using eval in some places...
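
Added example, not part of the original report and not Orion code: a small check of whether a given enforced `Content-Security-Policy` header value actually disables inline script and `eval()`, the two restrictions the description asks for. The function names and the sample policies are assumptions constructed for illustration.

```javascript
// Parse a Content-Security-Policy header value into directive -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report whether the policy blocks un-nonced inline script and eval().
function scriptRestrictions(header) {
  const d = parseCsp(header);
  // script-src falls back to default-src when it is absent.
  const sources = d.get('script-src') || d.get('default-src');
  if (!sources) {
    // No directive governs script: inline code and eval() run as usual.
    return { governed: false, blocksInline: false, blocksEval: false };
  }
  const lower = sources.map((s) => s.toLowerCase());
  // CSP Level 2+ browsers ignore 'unsafe-inline' if a nonce or hash is listed.
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  const allowsInline = lower.includes("'unsafe-inline'") && !hasNonceOrHash;
  const allowsEval = lower.includes("'unsafe-eval'");
  return { governed: true, blocksInline: !allowsInline, blocksEval: !allowsEval };
}

// Constructed sample policies (not taken from any real deployment).
const SAMPLES = [
  "default-src 'self'",                 // strict: blocks inline and eval
  "script-src 'self' 'unsafe-eval'",    // what an eval-dependent library forces
  "script-src 'self' 'unsafe-inline'",  // inline XSS payloads still execute
  "img-src *",                          // script is not governed at all
];
for (const policy of SAMPLES) {
  console.log(policy, '->', JSON.stringify(scriptRestrictions(policy)));
}
```

The second sample shows the cost of the eval dependency mentioned above: the policy must carry `'unsafe-eval'`, so only the inline-script restriction remains in force.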
Comment 1 John Arthorne CLA 2015-05-05 14:49:42 EDT
Closing as part of a mass clean up of inactive bugs. Please reopen if this problem still occurs or is relevant to you. For more details see:

https://dev.eclipse.org/mhonarc/lists/orion-dev/msg03444.html